What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.

A few years ago, Molina Healthcare was using a homegrown solution to onboard and offboard users daily in batches from the company's HR system into Active Directory, she says.

But the company was growing quickly, so the mostly manual process of provisioning and de-provisioning access to Molina's systems was time-consuming, Sankepally says in an interview with Information Security Media Group.

"With the increasing demands, we couldn't complete all the business processes involved, and there was a lack of standards," she says. "Our onboarding process was taking 10 to 20 days."

As a result, the company made a move to standardize and automate its ID and access management platform, choosing to implement technology from SailPoint Technologies, she says. "Today we have more than 15,000 active identities supporting 15 different states with different lines of business ... including caregivers on the ground."

For onboarding users, the company now has a "near real-time integration" with its cloud-based HR system that has automated the onboarding and offboarding process, she says.

"From that foundation, we introduced the next step; we built a platform for application provisioning and de-provisioning," she says. "As we are onboarding more applications, we can utilize that to do faster integration. First we focused on our crown jewels - our main applications. And then we brought in more applications."

The next phase involved access governance to build in regulatory compliance, she says. "We worked side by side with the compliance team to make sure all policies and procedures are being documented," she says.

The end-user perspective of Molina Healthcare's ID and access management system and processes;

Other steps the organization has taken to improve its ID and access management;

Advice to other organizations struggling with ID and access management challenges.

Sankepally is an IT security manager and senior IAM architect at Molina Healthcare, a managed care company based in Long Beach, California, that provides health insurance to individuals through government programs such as Medicaid and Medicare. With over 18 years of experience in identity management, Sankepally has been leading major identity and access management projects, working with a broad number of client companies in various industries. Previously, she was a senior architect for IAM at a consulting company and later a technical lead for identity management initiatives at Southern California Edison.